package com.jvyou.jdbc;

import java.sql.*;

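/**
 * Demonstrates SQL injection through a string-built query, next to the parameterized fix.
 *
 * <p>{@link #main} runs the same lookup twice with the same input: once with the value
 * concatenated into the SQL text, and once with the value bound through a
 * {@link PreparedStatement}. Comparing the two outputs shows why user-controlled values
 * must never be spliced into a statement.
 *
 * @author 橘柚
 * @version 1.0-SNAPSHOT
 * @Date 2024/7/17 15:48
 * @Description SQL injection test
 */
public class JDBCInjection {

    /**
     * Connects to the local demo database and prints the names matched by each query variant.
     *
     * @param args unused
     * @throws SQLException if the connection or either query fails
     */
    public static void main(String[] args) throws SQLException {
        // Throwaway local demo database. Hard-coded root credentials are tolerable only here:
        // application code should load credentials from configuration and connect with an
        // account limited to the tables it needs, which also limits what an injected
        // statement can reach.
        String url = "jdbc:mysql://localhost:3306/jvyou-mybatis";
        String username = "root";
        String password = "123456";

        // name stands in for a value obtained at runtime; this one simulates input that
        // triggers SQL injection when it is concatenated into a query.
        String name = "admin' or '1' = '1";

        // try-with-resources closes the connection even when a query throws; the original
        // explicit close() calls were skipped on any exception.
        try (Connection connection = DriverManager.getConnection(url, username, password)) {
            System.out.println("Concatenated query:");
            printNamesConcatenated(connection, name);
            System.out.println("Parameterized query:");
            printNamesParameterized(connection, name);
        }
    }

    /**
     * Vulnerable variant, kept for the demonstration: builds the SQL text by concatenation.
     *
     * <p>The quote inside {@code name} ends the string literal early, so the WHERE clause
     * becomes {@code name='admin' or '1' = '1'}, which holds for every row.
     */
    private static void printNamesConcatenated(Connection connection, String name)
            throws SQLException {
        // SECURITY: do not copy this pattern; the input changes the structure of the statement.
        String sql = "select * from user where name='" + name + "'";
        try (Statement statement = connection.createStatement();
                ResultSet resultSet = statement.executeQuery(sql)) {
            while (resultSet.next()) {
                System.out.println(resultSet.getString("name"));
            }
        }
    }

    /**
     * Fixed variant: the statement text is constant and {@code name} is bound as a parameter.
     *
     * <p>The driver treats the bound value purely as data, so quotes inside it cannot alter
     * the statement. Only a row whose name equals the whole input string would match.
     */
    private static void printNamesParameterized(Connection connection, String name)
            throws SQLException {
        String sql = "select * from user where name = ?";
        try (PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setString(1, name);
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    System.out.println(resultSet.getString("name"));
                }
            }
        }
    }
}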
